Security Pros Have Role in Combatting Disinformation

The COVID-19 pandemic has provided much greater opportunities for the use of disinformation to trick people into making bad decisions, according to a panel speaking on a recent webinar entitled Duped, Deluded, Deceived: How Disinformation Defrauds You.

The panellists firstly highlighted how the definition of ‘disinformation’ encompasses many common tactics used by cyber-criminals, including phishing, in which victims are duped by information that is designed to mislead.

The surge in these types of attacks this year has partly been a result of businesses and individuals operating in new environments, in particular the shift to home working, in which people are less protected by corporate networks. Niamh Muldoon, EMEA senior director in trust and cybersecurity at OneLogin, said: “During times of uncertainty people are taken out of their comfort zone, they’re using new technologies to keep their businesses moving forward, and accessing systems and data in new ways and therefore it increases the risks and threats around uncertainty around how to operate from a security perspective.”

Another issue is that people are far more distracted by worries and fears in this period, and therefore more susceptible to clicking on bad URLs or being tricked into handing over personal details. Malicious actors have stayed abreast of new trends to effectively play on people’s emotions, with Theresa Lanowitz, head of communications at AT&T Cybersecurity, observing that the focus has continually shifted, covering areas such as the health impact, government stimulus packages, social unrest and vaccines. “Cyber-criminals, in this very well co-ordinated business model they have, follow current events,” she noted.

As well as being used to commit cybercrime, disinformation is increasingly being utilized as a tool to spread misinformation online, something that has been highlighted during the current US election cycle. This has been brought about by the growing reliance on the internet and social media for information, which has been exacerbated by the COVID-19 pandemic, as well as celebrity culture.

Raj Samani, chief scientist and research fellow, McAfee, commented: “Today with the advent of social media, the construct of who we see as authoritative has fundamentally changed. We’ve seen alternative authoritative figures pushing miseducation which we’ve now categorized as misinformation.” He highlighted the conspiracy theory that 5G was causing the coronavirus, which was endorsed by certain public figures.

This problem of misinformation has been worsened by the growing division and tribalism in countries like the US over recent years, leading to much greater confirmation bias. “We need to have more education for the public on verifying information,” stated Tim Helming, security evangelist at DomainTools. This includes double checking sources and the stories themselves.

Combatting the fake news phenomenon is therefore part of the job of cybersecurity professionals, according to Muldoon. “We do have a role in the technology platforms that provide that information and validating the identity of the person that is sharing it. That’s where I believe our role comes in and making sure the controls are in place within platforms to validate the integrity of the data being shared.”

To effectively tackle the overall issue of disinformation, education and understanding are key. Organizations can help in this regard by building a security-first mindset among their staff, with these learnings and habits spilling out into their home lives as well. “You can tie security to business outcomes and objectives,” explained Lanowitz. “You want to set that culture at the top and have that shared responsibility model where the C-suite is leading by example and showing people what to do.”

To achieve this, it is critical, first and foremost, to establish an environment that encourages people to come forward when they see anything suspicious, or even when they have been tricked. Helming added: “If you create a culture that intimidates and shames people for doing something like that, they’re not going to want to come forward.”
